The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
The Hacker News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian-linked phishing hits thousands of messaging accounts via fake support tactics, enabling impersonation and data access.
The Hacker News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.